Is Zero Trust segmentation the answer to mitigating ransomware threats?
As companies increasingly move towards hybrid cloud infrastructures, fostering hyperconnectivity across applications, systems, and users, ongoing digital transformation projects are breeding complexity for modern enterprises. This is one of the reasons why devastating ransomware attacks are at an all-time high. Research by ESG found that 76 percent of IT and security professionals experienced at least one ransomware attack in the past year. What’s worse, 82 percent of the victims paid the ransom, with the average payout reaching $495,000.
In most cases, the fear of downtime and critical data loss drives the decision to pay the ransom. However, payouts are rarely the best long-term solution to combat this problem. Instead, businesses should focus on containing attacks and minimizing resulting business damage proactively. And one of the best ways to reach both outcomes, while bolstering business resilience, is with a modern Zero Trust approach to cybersecurity.
Start with an 'assume breach' mentality
For over a decade now, CISOs have focused on keeping threats outside of their organization -- yet ransomware remains a harsh reality for all organizations today. By shifting to a Zero Trust approach, one based on assuming breach and implementing least privilege controls, organizations can reduce their risk and the impact of a potential compromise.
By 'assuming breach' you understand that bad actors will inevitably breach perimeter defenses, exploit vulnerabilities or take advantage of unsuspecting insiders. Yet, despite being a core pillar of any Zero Trust strategy, most companies are still not operating with this mindset. ESG found that while 90 percent of organizations consider Zero Trust to be critical, only half operate with an 'assume breach' mentality. To successfully manage today’s dynamic attack surface and prepare for tomorrow’s attacks organizations must assume breach to improve resilience.
Finding the right proactive approach
As ransomware evolves, it’s important for organizations to consider which Zero Trust technologies are best suited for their unique business needs. Zero Trust Segmentation is a proactive approach built on Zero Trust principles that isolates data and applications to stop the spread of breaches across hybrid environments, thereby dramatically limiting their impact.
What’s more, the same ESG study found that 87 percent of Zero Trust Segmentation pioneers -- those classified as advanced users -- rated their Zero Trust journey as 'very successful', while being able to save over $20 million in annual downtime costs. These companies were also almost three times more prepared to handle attacks like ransomware and have been able to avert 5 cyber disasters annually -- compared to companies that don’t have any segmentation capabilities, or use legacy solutions.
With proactive strategies like Zero Trust Segmentation in place, organizations are far less likely to face tradeoffs between business continuity and ransomware payouts -- which often result in much larger economic implications. By focusing on containing damage and controlling impact, Zero Trust Segmentation significantly reduces the business risks posed by ransomware -- empowering organizations to establish better security and resilience across the board.
Image credit: Olivier26/depositphotos.com
Raghu Nandakumara is Head of Industry Solutions at Illumio.